|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Problem with Hacme Bank Install
From: Martin Mkrtchian (dotsecure
gmail.com)
Date: Thu Sep 09 2004 - 17:53:42 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I tried to install HACME, installation process was smooth, however
when I launched the application, on the left hand side i dont see the
username and password form boxes. I see that it says "USERNAME"
"PASSWORD". The form is there however html form text boxes are not?
Anyone else encountering this problem?
Help is needed.
Thank You
Martin M
On Wed, 8 Sep 2004 10:03:43 -0400, Mark Curphey <markcurphey.com> wrote:
> Just to let you know in the next hour or so the links should go live to our
> new free tool, Hacme Bank on the Foundstone web site
> (http://www.foundstone.com/s3i).
>
> You can see the press release here;
>
> http://www.tmcnet.com/usubmit/2004/Sep/1071232.htm
>
> It's an online banking application written in C# ASP.NET (requires IIS and
> .NET framework 1.1 to install) with a set of security holes replicating real
> world things we have found in client engagements over the last 9 months. It
> serves as a "real world" training application for web application pen
> testing and education for developers.
>
> Its free for non-commercial use and we are already working on the next
> version to include some more user management issues.
>
> All of the lessons are screen captured and documented so you can step
> through all of the issues. These are in a "User and Solution Guide" PDF in
> the web root by default.
>
> It is not designed to be a good benchmarking platform for automated tools
> but it is interesting to compare the results of your favorite tools with the
> holes in the bank (we have done this) or put it behind a "web app firewall"
> (no uptake from my recent challenge I am afraid, go figure!).
>
> The experienced can start attacking the login field when installed and the
> less experienced can walk through the lesson plans.
>
> Mark
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]